Earlier this week, we learned that cybercriminals were sending out fake DocuSign emails in an effort to trick users into installing a piece of malware on their computers. Now, DocuSign is warning customers about a new variant of the malicious campaign.

Initially, the malware-spreading emails impersonating DocuSign notifications came with attachments. However, in the latest version of the campaign, the cybercriminals haven’t attached the malware to the email.

“While the DocuSign Global Network remains safe and secure, we have proactively notified both DocuSign customers and non-users of our eSignature service of the new malware spam via docusign.com, docusign.net, social media and proactive email communications.”

The company advises users to avoid any emails that contain links which point to other websites than https://www.docusign.com or https://www.docusign.net.

For instance, the links from the fake DocuSign emails point to URLs such as:

- http://www.lichtblick-optik.de

- http://www.xeniastudio.hu/abridged/index.html

- http://kozmetikapecel.hu/boxed/index.html

- http://www.crofthandyreflexology.co.uk/klansman/index.html

- http://kesharie.eu/treatable/index.html

To determine where the links point to, users can hover the mouse over the links before clicking on them.

It’s important to remember that appearances might be deceiving. If you see https://www.docusign.net in the email, it doesn’t necessarily mean that it points there, which is why it’s important to hover the mouse over it to see exactly where it takes you to.

DocuSign asks internauts who receive malware-laden emails that leverage the company’s name to forward them to spam@docusign.com.

DocuSign is currently working with security solutions providers and law enforcement agencies in an effort to investigate and put an end to the spam campaigns. In the meantime, users are advised to stay alert.